View block activity with the Activity Log tab on the Application Block page. This page displays data and trends to help you understand which applications are being blocked on endpoints. Use this data to adjust your Application Block rules as needed.
- Log in to Malwarebytes Nebula.
- In the left navigation menu, go to Monitor > Application Block.
- Endpoint activity displays.
The top diagram displays a timeline of all blocked activity within the last 30 days. Click a blocked timeframe in the diagram to filter the table to the activity blocked in that timeframe.
The Activity Log tab displays blocked applications across all your managed endpoints. Blocked records are retained for approximately 90 days. View the following information for each endpoint's activity record:
- Agent version: Malwarebytes endpoint agent version.
- Application data: Name of the application executable blocked on the endpoint.
- Blocked at: Time and date the application was blocked.
- Endpoint: The endpoint hostname with the blocked application.
- Group: The group of the endpoint.
- IP Address/CIDR: IP Address or CIDR of the endpoint.
- OS platform: The operating system platform of the endpoint.
- OS release name: The operating system release name of the endpoint.
- OS type: Whether the endpoint is a Workstation or Server.
- OS version: The operating system version of the endpoint.
- Policy: The policy assigned to the endpoint.
- Rule: Block rules assigned to the endpoint.
- User: User account on the endpoint.
Sort data in the results list
The Activity Log table helps you manage the available information pulled from your endpoints. Use filters within this table to sort your block activity information into specified results.
Customize data in the results list in the following ways:
- Click Add / Remove Columns above the results list to choose which columns to display.
- Drag and drop certain column headers to the results bar to group data by those parameters.
- Hover your cursor over a column header to reveal a hamburger icon with options to pin and auto-size columns.
Click a column filter icon to narrow the results. When you click the filter icon, the filter list at the top of the screen shows which filters are applied. Click a filtered item to remove it, or click Clear Filters to remove them all.
Download block activity information to your local machine for auditing purposes or external reporting.
- Select all or check specific boxes for the rows you want to export.
- At the top-right of the Active Block Rules page, click Export.